Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26/11/2024, 01:14
General
-
Target
9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe
-
Size
83KB
-
MD5
67099e34768aa6dc60c27c6519ab8850
-
SHA1
9a8144a735fc0398bde5838e4c5fb7ee6dad25b5
-
SHA256
9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167
-
SHA512
977150c14647af428275398f3e95960b099898d982ccb2bb9a89fad6f3cebade1ef30d55bf32a138a2da4fb9ca6df31325c23d1c0aa886a7a942bf02fe046dc4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QM:ymb3NkkiQ3mdBjFIIp9L9QrrA8n
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe"C:\Users\Admin\AppData\Local\Temp\9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbntn.exec:\bhbntn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxff.exec:\lfrxxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbh.exec:\thbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrfll.exec:\xxrrfll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjp.exec:\5vjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrfx.exec:\xrrrrfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnt.exec:\btbhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxfrf.exec:\rxrxfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnh.exec:\tnhbnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfrfr.exec:\xfrfrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtttn.exec:\bhtttn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnt.exec:\bhnnnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnbh.exec:\bbhnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffff.exec:\xxfffff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxff.exec:\lrrxxff.exe23⤵
- Executes dropped EXE
-
\??\c:\3nttnt.exec:\3nttnt.exe24⤵
- Executes dropped EXE
-
\??\c:\9rfflrx.exec:\9rfflrx.exe25⤵
- Executes dropped EXE
-
\??\c:\3httth.exec:\3httth.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe27⤵
- Executes dropped EXE
-
\??\c:\llxxlrf.exec:\llxxlrf.exe28⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe29⤵
- Executes dropped EXE
-
\??\c:\llrlfll.exec:\llrlfll.exe30⤵
- Executes dropped EXE
-
\??\c:\7ttttt.exec:\7ttttt.exe31⤵
- Executes dropped EXE
-
\??\c:\rxlllrx.exec:\rxlllrx.exe32⤵
- Executes dropped EXE
-
\??\c:\1rffxxl.exec:\1rffxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\hnnntn.exec:\hnnntn.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe36⤵
- Executes dropped EXE
-
\??\c:\rfxflxr.exec:\rfxflxr.exe37⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe38⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe39⤵
- Executes dropped EXE
-
\??\c:\xxlllrf.exec:\xxlllrf.exe40⤵
- Executes dropped EXE
-
\??\c:\nntbbb.exec:\nntbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\1bhhhn.exec:\1bhhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\7vpvd.exec:\7vpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\xxffrrx.exec:\xxffrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\bnhhhn.exec:\bnhhhn.exe45⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\9vvpp.exec:\9vvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrlrffr.exec:\xrlrffr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe49⤵
- Executes dropped EXE
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe52⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe53⤵
- Executes dropped EXE
-
\??\c:\lxxflrf.exec:\lxxflrf.exe54⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpvvv.exec:\vpvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\xlxllrr.exec:\xlxllrr.exe57⤵
- Executes dropped EXE
-
\??\c:\frllfff.exec:\frllfff.exe58⤵
- Executes dropped EXE
-
\??\c:\ntthbh.exec:\ntthbh.exe59⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe60⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe61⤵
- Executes dropped EXE
-
\??\c:\xffllll.exec:\xffllll.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnbbh.exec:\nhnbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\btnnnt.exec:\btnnnt.exe64⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe66⤵
-
\??\c:\lxrrfrx.exec:\lxrrfrx.exe67⤵
-
\??\c:\5hthnn.exec:\5hthnn.exe68⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe69⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe70⤵
-
\??\c:\lxxlrrf.exec:\lxxlrrf.exe71⤵
-
\??\c:\rrflrff.exec:\rrflrff.exe72⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe73⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe74⤵
-
\??\c:\flxrffx.exec:\flxrffx.exe75⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe76⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe77⤵
-
\??\c:\ffrrxff.exec:\ffrrxff.exe78⤵
-
\??\c:\flrrxfl.exec:\flrrxfl.exe79⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe80⤵
-
\??\c:\vjddd.exec:\vjddd.exe81⤵
-
\??\c:\rrrrxxf.exec:\rrrrxxf.exe82⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe83⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe84⤵
-
\??\c:\pdppd.exec:\pdppd.exe85⤵
-
\??\c:\rxfffxr.exec:\rxfffxr.exe86⤵
-
\??\c:\rflllrl.exec:\rflllrl.exe87⤵
-
\??\c:\htbthh.exec:\htbthh.exe88⤵
-
\??\c:\djdjp.exec:\djdjp.exe89⤵
-
\??\c:\jdddd.exec:\jdddd.exe90⤵
-
\??\c:\llrxllf.exec:\llrxllf.exe91⤵
-
\??\c:\hnnhht.exec:\hnnhht.exe92⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe93⤵
-
\??\c:\pjppp.exec:\pjppp.exe94⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe95⤵
-
\??\c:\lffxflr.exec:\lffxflr.exe96⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe97⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe98⤵
-
\??\c:\ffrlrlx.exec:\ffrlrlx.exe99⤵
-
\??\c:\lflxrxx.exec:\lflxrxx.exe100⤵
-
\??\c:\ttbhhn.exec:\ttbhhn.exe101⤵
-
\??\c:\3vdvd.exec:\3vdvd.exe102⤵
-
\??\c:\vpppp.exec:\vpppp.exe103⤵
-
\??\c:\rfllflr.exec:\rfllflr.exe104⤵
-
\??\c:\1nhnnh.exec:\1nhnnh.exe105⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe106⤵
-
\??\c:\dpppp.exec:\dpppp.exe107⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe108⤵
-
\??\c:\lxrrrff.exec:\lxrrrff.exe109⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe110⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe111⤵
-
\??\c:\djjpp.exec:\djjpp.exe112⤵
-
\??\c:\lrrrxfl.exec:\lrrrxfl.exe113⤵
-
\??\c:\tbntbt.exec:\tbntbt.exe114⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe115⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe116⤵
-
\??\c:\rfxxflr.exec:\rfxxflr.exe117⤵
-
\??\c:\bnhntt.exec:\bnhntt.exe118⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe119⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe120⤵
-
\??\c:\fllxrll.exec:\fllxrll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-